As this is the first cert requested for this FQDN, you need to understand how cert authentication happens and how your setup would allow for it (to happen).
Or switch to a better suited authentication method (perhaps DNS auth).

I don’t use AWS for DNS, so I can’t guide you with that specifically.
But there should be a working DNS plugin for AWS.

Thank you @rg305! I’ve changed my DNS to resolve to a single IP, but I’m getting another error:

Failed authorization procedure. apolloapi.borealisai.de (http-01): urn:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://apolloapi.borealisai.de/.well-known/acme-challenge/<ChallengeKey>: Timeout during connect (likely firewall problem)

I have a server listening at ports 80 and 443 at this address. Am I missing anything else?